|
|
|---|
|
|
|
|---|
Check if a
(certify-possiblep cert dests systate) → yes/no
The
The validator in question is the author of the certificate.
If the validator is faulty, for each endorser in the certificate, there must be a message, in the network, from that endorser for the proposal of the certificate. As a special case, if the certificate has no endorsers, no such message is required to be in the network: nothing prevents a faulty validator from authoring a proposal and then certifying it with no additional signatures; the certificate will not be accepted by correct validators, but the certificate can still be generated.
If the validator is correct,
no message is required to be in the network,
because endorsing signatures are incorporated into the validator state
via separate
Function:
(defun certify-possiblep (cert dests systate) (declare (xargs :guard (and (certificatep cert) (address-setp dests) (system-statep systate)))) (let ((__function__ 'certify-possiblep)) (declare (ignorable __function__)) (b* (((certificate cert) cert) ((proposal prop) cert.proposal) ((when (not (in prop.author (correct-addresses systate)))) (subset (make-endorsement-messages prop cert.endorsers) (get-network-state systate))) ((when (in prop.author (address-set-fix dests))) nil) ((validator-state vstate) (get-validator-state prop.author systate)) (prop+endors (omap::assoc prop vstate.proposed)) ((unless prop+endors) nil) ((unless (equal cert.endorsers (cdr prop+endors))) nil)) t)))
Theorem:
(defthm booleanp-of-certify-possiblep (b* ((yes/no (certify-possiblep cert dests systate))) (booleanp yes/no)) :rule-classes :rewrite)
Theorem:
(defthm certify-possiblep-of-certificate-fix-cert (equal (certify-possiblep (certificate-fix cert) dests systate) (certify-possiblep cert dests systate)))
Theorem:
(defthm certify-possiblep-certificate-equiv-congruence-on-cert (implies (certificate-equiv cert cert-equiv) (equal (certify-possiblep cert dests systate) (certify-possiblep cert-equiv dests systate))) :rule-classes :congruence)
Theorem:
(defthm certify-possiblep-of-address-set-fix-dests (equal (certify-possiblep cert (address-set-fix dests) systate) (certify-possiblep cert dests systate)))
Theorem:
(defthm certify-possiblep-address-set-equiv-congruence-on-dests (implies (address-set-equiv dests dests-equiv) (equal (certify-possiblep cert dests systate) (certify-possiblep cert dests-equiv systate))) :rule-classes :congruence)
Theorem:
(defthm certify-possiblep-of-system-state-fix-systate (equal (certify-possiblep cert dests (system-state-fix systate)) (certify-possiblep cert dests systate)))
Theorem:
(defthm certify-possiblep-system-state-equiv-congruence-on-systate (implies (system-state-equiv systate systate-equiv) (equal (certify-possiblep cert dests systate) (certify-possiblep cert dests systate-equiv))) :rule-classes :congruence)